Information on contact persons for business
Purpose of processing data
We process personal data to make decisions on sign-up requests and data permission applications, to implement communication regarding the reporting of data to the Positive credit register and ordering of credit register extracts, to invoice credit register extracts, and to carry out activities related to API access.
What data do we process?
We process the following personal data on business operators’ contact persons:
- name
- phone number
- address
- invoice address
- email address.
When a business operator signs up to the Positive credit register as a data notifier, they can specify the following contact persons:
- contact person for sign-up
- contact person for content
- contact person for technical matters
- technical contact person for certificates.
When a business applies for a data permission for the Positive credit register from the Incomes Register Unit, they can specify the following contact persons:
- contact person for data permission application
- contact person for content
- contact person for technical matters
- technical contact person for certificates
- person responsible for information security
- person responsible for data protection
- contact person for invoicing
If a business signs up to the register in the e-service for organisations, we will process the name data on the representative or person acting on the Suomi.fi authorisation who has logged in to the e-service.
If a business submits a sign-up request or a data permission application on paper, we can also process such information and documents that are necessary to verify the business operator or their rights of representation and to identify the business operator's representative or authorisation holder.
Where does the data come from?
We receive the data from business operators that have signed up to the Positive credit register as data notifiers, applied for data permissions for the Positive credit register from the Incomes Register Unit, or updated the contact information of contact persons after signing up or submitting a data permission application.
On what basis do we process data?
We process personal data to comply with the Incomes Register Unit’s statutory obligation (General Data Protection Regulation (EU 2016/679), Article 6(1)(c)). The processing is provided for in the Act on the Positive Credit Register (739/2022).
Disclosure of data
As a general rule, data is not disclosed.
Processors
The Positive credit register has been implemented on the Microsoft Azure cloud service platform. The certificate service is provided by Digia Plc. We use the following service providers for application management services, such as troubleshooting: Innofactor Software Ltd, Gofore Plc, Gofore Verify Oy and Advania Finland Oy. When processing personal data, application management uses a service management system provided by ServiceNow. Digia Plc handles the on-call service regarding disruptions in the Positive credit register.
Transfer of personal data to third countries
In principle, we do not disclose data to countries outside the EU/EEA. However, in exceptional individual cases, Microsoft may have access to personal data during support and maintenance activities. In data transfer, the transfer basis under the General Data Protection Regulation is the European Commission's decision on the adequacy of data protection under Article 45(1) (Adequacy decision for the EU-US Data Privacy Framework, C(2023) 4745 final) or, where necessary, standard contractual clauses published by the European Commission.
Retention of data
With regard to data retention, we comply with the Tax Administration's information management plan. We retain the data only for as long as necessary for the performance of the Incomes Register Unit's statutory task.
The data is deleted at the latest when the business ceases to be a data notifier or their data permission expires. The details of contact persons specified by businesses will be deleted when the contact person changes.
Your data protection rights regarding the processing of personal data
As a controller, the Income Register Unit is responsible for enforcing your data protection rights based on the EU's General Data Protection Regulation. You can make a free-form written request regarding your data protection rights and send it to us to the address below:
POSITIVE CREDIT REGISTER
P.O. BOX 2
FI-00055 Incomes Register
You can find more information about your data protection rights on the website of the Office of the Data Protection Ombudsman.
If you need help in exercising your rights, you can contact our customer service.
Right to view personal data
You have the right to know if we are processing your personal data. You are also entitled to receive a copy of your personal data that we process.
You can submit us a request to view your personal data with the paperform or contact form below.
Right to rectify data
You have the right to request us to rectify your inaccurate or incorrect personal data without any undue delay.
Right to restriction of processing
If you think the data we are processing about you is incorrect, if the data is processed against the law or if you have opposed the processing of your data, you can request us to restrict the processing of your personal data.
Right to file a notification with the supervisory authority
You have the right to file a notification with the Data Protection Ombudsman regarding the processing of your personal data. Further information and instructions on how to file a notification are available on the website of the Office of the Data Protection Ombudsman.